🛡️ NAIL Institute — AVE Database


Supply Chain to Backdoor Pipeline

🔴 CRITICAL · composite · theoretical · AVE-2025-0064

aka: Trojan Tool

Summary

Malicious MCP tool registration → tool adoption by agents → persistent backdoor in all agent workflows using the tool.

Blast Radius

All agents using the compromised tool are persistently backdoored.

Prerequisites

Shared tool registry (e.g. MCP) without integrity verification.

Environment

  • Frameworks: LangGraph
  • Models tested: [Available in NAIL SDK]
  • Multi-agent: Yes
  • Tools required: Yes
  • Memory required: No

Related